DOCSLIB.ORG

The Commonwealth of Massachusetts

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Office Use Only: Fiscal Year The Commonwealth of Massachusetts OFFICE OF THE ATTORNEY GENERAL NON-PROFIT ORGANIZATIONS/PUBLIC CHARITIES DIVISION ONE ASHBURTON PLACE BOSTON, MASSACHUSETTS 02108 (617) 727-2200, ext. 2101 www.mass.gov/ago/charities Form PC Check all items attached Report for the Fiscal Period: 01/01/14 to 12/31/14 (if applicable) X Schedule A-1 Attorney General's Account #: 046444 X Schedule A-2 Schedule RO Federal ID #: 20-8096820 Probate Account X Copy of IRS Return When did the organization first engage in X Audited Financial charitable work in Massachusetts? 01/01/2007 Statements/Review X Filing Fee Has the organization applied for or been granted Amended Articles/ IRS tax exempt status? X Yes No By-Laws If yes, date of application OR date of determination letter: 02/26/2007 IRS Exemption under 501(c): 3 If exempt under 501(c), are contributions to the organization tax deductible as charitable contributions? X Yes No Organization Data Name: THE TOR PROJECT, INC. Mailing Address: 7 TEMPLE STREET, SUITE A City: CAMBRIDGE State: MA ZIP: 02139 Phone Number: (781) 769-7555 Fax Number: Email: Website: WWW.TORPROJECT.ORG In the table below, please enter the appropriate codes from the corresponding tables found in the instructions. Enter up to 2 codes from Table 3 for your organization's main purpose(s) Category Code Category Code County (Table 1) 11 Organization Purpose Code 1 55 Type of Organization (Table 2) 21 Organization Purpose Code 2 Please check box if final return prior to dissolution: Office Use Only: Payment Received Form PC Page 1 of 14 478001 05-01-14 1 THE TOR PROJECT, INC. 20-8096820 All questions must be completed in their entirety whether or not similar questions are answered in an attached federal form. See instructions and definition section for guidance. 1. On what date was the organization created? 12/22/2006 2. Where was the organization created? MASSACHUSETTS 3. What is the form of organization? (check one) Corporation X Testamentary Trust Unincorporated Association Inter Vivos Trust Other (please describe): 4. Was your organization related to any other organization(s) during the reporting year (see definition of "Related Organization")? If yes, please complete the Schedule RO on pages 13 and 14. Yes X No 5. Enter your summary of financial data: Financial Data Amounts A. Contributions, gifts, grants, and similar amounts received 288,667. B. Gross support and revenue 2,556,397. C. Program services and similar amounts paid out 2,344,084. D. Fundraising expenses 30,954. E. Management and general expenses 143,506. F. Payments to affiliates 0. G. Total expenses 2,518,544. H. Net assets or fund balances at the end of the year 1,476,833. 6. List the total compensation you provided to your five highest paid employees: Hrs/ Salary and Other Name/Title Benefit Plans Week Other Income Compensation ANDREW LEWMAN 1. CLERK, TREAS., EXEC. DIR. 40.00 150,000. 3,000. 18,700. KARSTEN LOESING 2. DEVELOPER 40.00 119,256. 0. 22,615. NICK MATHEWSON 3. CHIEF ARCHITECT 40.00 135,000. 0. 18,675. ROGER DINGLEDINE 4. RESEARCH DIRECTOR 40.00 135,000. 2,700. 5,519. ANDREA SHEPARD 5. DEVELOPER 40.00 125,004. 0. 2,953. 7. Was any compensation provided to any of the individuals listed in question 6 above which was not quantified in your response to 6? If yes, please provide explanation (attach separate sheet). Yes X No Form PC Page 2 of 14 Rev. 02/2010 478002 10-14-14 2 THE TOR PROJECT, INC. 20-8096820 8. List the name, amount of compensation paid, and the nature of services rendered by each of the organization's five highest paid consultants providing professional services (e.g. attorneys, architects, accountants, management companies, investment advisors, professional solicitors, professional fundraising counsel). Name/Title Amount of Compensation Type(s) of Service 1. PEARL CRESCENT, LLC 100,725.DEVELOPER 2. NICOLAS VIGIER 87,495.DEVELOPER 3. GEORG KOPPEN 78,581.DEVELOPER 4. 3BIS 71,279.DEVELOPER 5. GEORGE KADIANAKIS 58,968.DEVELOPER 9. Bank(s) in which the organization's funds are deposited (include bank addresses and phone numbers): Bank Address Phone Number DEDHAM SAVINGS BANK 55 ELM STREET, DEDHAM, MA 02026 781-329-6700 2 MORRISSEY BLVD, DORCHESTER, MA SANTANDER BANK 02125 617-379-4017 200 TECHNOLOGY SQUARE, CAMBRIDGE, CITI BANK MA 02139 617-800-0856 10. What is the organization's accounting method? Cash X Accrual Other (specify): 11. If organization's mailing address is a P.O. Box, list the organization's full street address: Address: City: State: ZIP Code: 12. Contact Person Name: MEREDITH DUNN Street Address: 7 TEMPLE STREET, SUITE A City: CAMBRIDGE State: MA ZIP Code: 02139 Phone Number: 781-769-7555 Form PC Page 3 of 14 Rev. 02/2010 478003 10-14-14 3 THE TOR PROJECT, INC. 20-8096820 13. During the fiscal year reported here, did your organization solicit contributions or have funds solicited on its behalf? X Yes No 14. At any time during the fiscal year following the year reported here, will your organization, or others acting on its behalf, solicit contributions? X Yes No If you answered yes to Question 13 or 14, you must complete Schedule A-1 and/or Schedule A-2 unless you are exempt from the solicitation certificate requirement. 15. If you are claiming an exemption from the solicitation certificate requirement, please indicate by checking the box to the right to identify which exemption applies to your organization. a religious organization an organization which: (a) does not raise more than $5,000 during a calendar year OR does not receive contributions from more than ten persons during a calendar year; AND (b) carries out all of its activities, including fundraising, through unpaid volunteers. (The conditions at both (a) and (b) must be met for your organization to qualify for this exemption.) 16. Attach a list of names, addresses (street and/or mailing), and telephone numbers of other offices/chapters/branches/affiliates. 17. Attach a list of names, titles, and addresses (street and/or mailing) of officers, directors, trustees, and the principal salaried executives of organization. STATEMENT 1 18. Attach a list of names, titles, and addresses (street and/or mailing) of any individual(s) authorized to sign checks, and any individual(s) responsible for: custody of funds; distribution of funds; fundraising; and custody of financial records. STATEMENT 2 19. Has this organization or any of its officers, directors, employees or fundraisers solicited funds in any Yes X No other state? If you attach list of states where solicitation was conducted, including registered agency, dates of registration, registration numbers, any other names under which the organization was/is registered, and the dates and type (mail, telephone, door to door, special events, etc.) of the solicitation conducted. Form PC Page 4 of 14 Rev. 02/2010 478004 05-01-14 4 THE TOR PROJECT, INC. 20-8096820 }}}}}}}}}}}}}}}}}}}}} }}}}}}}}}} ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FORM PC OFFICERS, DIRECTORS, TRUSTEES AND EXECUTIVES STATEMENT 1 }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} NAME AND ADDRESS TITLE }}}}}}}}}}}}}}}} }}}}} ANDREW LEWMAN TREAS/CLERK/EXEC DIR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 NICK MATHEWSON V.P./CHIEF ARCHITECT 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ROGER DINGLEDINE PRES/RESEARCH DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 IAN GOLDBERG CHAIRMAN/DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 WENDY SELTZER DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 MEREDITH DUNN DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 CASPAR BOWDEN DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ROB THOMAS DIRECTOR 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 5 STATEMENT(S) 1 THE TOR PROJECT, INC. 20-8096820 }}}}}}}}}}}}}}}}}}}}} }}}}}}}}}} ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FORM PC PAGE 4, LINE 18 STATEMENT 2 }}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} NAME AND ADDRESS AREA OF RESPONSIBILITY }}}}}}}}}}}}}}}} }}}}}}}}}}}}}}}}}}}}}} ANDREW LEWMAN RESPONSIBLE FOR CUSTODY OF FUNDS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ANDREW LEWMAN RESPONSIBLE FOR DISTRIBUTION OF FUNDS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ANDREW LEWMAN RESPONSIBLE FOR FUNDRAISING 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 KAREN REILLY RESPONSIBLE FOR FUNDRAISING 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 MELISSA GILROY CUSTODY OF FINANCIAL RECORDS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ANDREW LEWMAN CUSTODY OF FINANCIAL RECORDS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ANDREW LEWMAN AUTHORIZED TO SIGN CHECKS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 ROGER DINGLEDINE AUTHORIZED TO SIGN CHECKS 7 TEMPLE STREET, SUITE A CAMBRIDGE, MA 02139 6 STATEMENT(S) 2 THE TOR PROJECT, INC. 20-8096820 20. Has this organization or any of its officers, directors, or employees: If yes, please attach an explanation. (a) Been enjoined or otherwise prohibited by a government agency/court from operating or soliciting contributions? Yes X No (b) Ever been refused registration or had its registration or tax exemption denied, suspended, modified or revoked by a governmental agency? Yes X No (c) Been the subject of a proceeding regarding any solicitation or registration? Yes X No (d) Entered into a voluntary agreement of compliance or consent judgment with any government agency or in a case before a court or administrative agency? Yes X No 21. Have any restrictions been removed during the year from donor-restricted funds? Yes X No If yes, please attach an explanation. 22. Have donor-restricted funds been loaned to unrestricted funds? Yes X No If yes, please attach an explanation. 23. This question involves "Termination of Employment or Changes of Control Compensatory Arrangements" with certain "Related Parties" (see instructions and definition sections). Report only if payments made or promised to any individual are in excess of four months salary or $100,000, whichever dollar amount is less.
Recommended publications
  • Intel X86 Considered Harmful

    Intel X86 Considered Harmful

    Intel x86 considered harmful Joanna Rutkowska October 2015 Intel x86 considered harmful Version: 1.0 1 Contents 1 Introduction5 Trusted, Trustworthy, Secure?......................6 2 The BIOS and boot security8 BIOS as the root of trust. For everything................8 Bad SMM vs. Tails...........................9 How can the BIOS become malicious?.................9 Write-Protecting the flash chip..................... 10 Measuring the firmware: TPM and Static Root of Trust........ 11 A forgotten element: an immutable CRTM............... 12 Intel Boot Guard............................. 13 Problems maintaining long chains of trust............... 14 UEFI Secure Boot?........................... 15 Intel TXT to the rescue!......................... 15 The broken promise of Intel TXT.................... 16 Rescuing TXT: SMM sandboxing with STM.............. 18 The broken promise of an STM?.................... 19 Intel SGX: a next generation TXT?................... 20 Summary of x86 boot (in)security.................... 21 2 Intel x86 considered harmful Contents 3 The peripherals 23 Networking devices & subsystem as attack vectors........... 23 Networking devices as leaking apparatus................ 24 Sandboxing the networking devices................... 24 Keeping networking devices outside of the TCB............ 25 Preventing networking from leaking out data.............. 25 The USB as an attack vector...................... 26 The graphics subsystem......................... 29 The disk controller and storage subsystem............... 30 The audio
  • Consensgx: Scaling Anonymous Communications Networks With

    Consensgx: Scaling Anonymous Communications Networks With

    Proceedings on Privacy Enhancing Technologies ; 2019 (3):331–349 Sajin Sasy* and Ian Goldberg* ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments Abstract: Anonymous communications networks enable 1 Introduction individuals to maintain their privacy online. The most popular such network is Tor, with about two million Privacy is an integral right of every individual in daily users; however, Tor is reaching limits of its scala- society [72]. With almost every day-to-day interaction bility. One of the main scalability bottlenecks of Tor and shifting towards using the internet as a medium, it similar network designs originates from the requirement becomes essential to ensure that we can maintain the of distributing a global view of the servers in the network privacy of our actions online. Furthermore, in light to all network clients. This requirement is in place to of nation-state surveillance and censorship, it is all avoid epistemic attacks, in which adversaries who know the more important that we enable individuals and which parts of the network certain clients do and do not organizations to communicate online without revealing know about can rule in or out those clients from being their identities. There are a number of tools aiming to responsible for particular network traffic. provide such private communication, the most popular In this work, we introduce a novel solution to this of which is the Tor network [21]. scalability problem by leveraging oblivious RAM con- Tor is used by millions of people every day to structions and trusted execution environments in order protect their privacy online [70].
  • Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Doswell, Stephen (2016) Measurement and Management of the Impact of Mobility on Low-Latency Anonymity Networks

    Citation: Doswell, Stephen (2016) Measurement and management of the impact of mobility on low-latency anonymity networks. Doctoral thesis, Northumbria University. This version was downloaded from Northumbria Research Link: http://nrl.northumbria.ac.uk/30242/ Northumbria University has developed Northumbria Research Link (NRL) to enable users to access the University’s research output. Copyright © and moral rights for items on NRL are retained by the individual author(s) and/or other copyright owners. Single copies of full items can be reproduced, displayed or performed, and given to third parties in any format or medium for personal research or study, educational, or not-for-profit purposes without prior permission or charge, provided the authors, title and full bibliographic details are given, as well as a hyperlink and/or URL to the original metadata page. The content must not be changed in any way. Full items must not be sold commercially in any format or medium without formal permission of the copyright holder. The full policy is available online: http://nrl.northumbria.ac.uk/policies.html MEASUREMENT AND MANAGEMENT OF THE IMPACT OF MOBILITY ON LOW-LATENCY ANONYMITY NETWORKS S.DOSWELL Ph.D 2016 Measurement and management of the impact of mobility on low-latency anonymity networks Stephen Doswell A thesis submitted in partial fulfilment of the requirements of the University of Northumbria at Newcastle for the degree of Doctor of Philosophy Research undertaken in the Department of Computer Science and Digital Technologies, Faculty of Engineering and Environment October 2016 Declaration I declare that the work contained in this thesis has not been submitted for any other award and that it is all my own work.
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat Modeling and Circumvention of Internet Censorship by David Fifield

    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
  • Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: a Framework for Understanding and Improving Entry Guard Selection in Tor

    Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor Tariq Elahi†, Kevin Bauer†, Mashael AlSabah†, Roger Dingledine‡, Ian Goldberg† †University of Waterloo ‡The Tor Project, Inc. †{mtelahi,k4bauer,malsabah,iang}@cs.uwaterloo.ca ‡[email protected] ABSTRACT parties with anonymity from their communication partners as well Tor is the most popular low-latency anonymity overlay network as from passive third parties observing the network. This is done for the Internet, protecting the privacy of hundreds of thousands by distributing trust over a series of Tor routers, which the network of people every day. To ensure a high level of security against cer- clients select to build paths to their Internet destinations. tain attacks, Tor currently utilizes special nodes called entry guards If the adversary can anticipate or compel clients to choose com- as each client’s long-term entry point into the anonymity network. promised routers then clients can lose their anonymity. Indeed, While the use of entry guards provides clear and well-studied secu- the client router selection protocol is a key ingredient in main- rity benefits, it is unclear how well the current entry guard design taining the anonymity properties that Tor provides and needs to achieves its security goals in practice. be secure against adversarial manipulation and leak no information We design and implement Changing of the Guards (COGS), a about clients’ selected routers. simulation-based research framework to study Tor’s entry guard de- When the Tor network was first launched in 2003, clients se- sign. Using COGS, we empirically demonstrate that natural, short- lected routers uniformly at random—an ideal scheme that provides term entry guard churn and explicit time-based entry guard rotation the highest amount of path entropy and thus the least amount of contribute to clients using more entry guards than they should, and information to the adversary.
  • Mass Surveillance

    Mass Surveillance

    Mass Surveillance Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Study IP/G/STOA/FWC-2013-1/LOT 9/C5/SC1 January 2015 PE 527.409 STOA - Science and Technology Options Assessment The STOA project “Mass Surveillance Part 1 – Risks, Opportunities and Mitigation Strategies” was carried out by TECNALIA Research and Investigation in Spain. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero Jason Mansell (Linguistic Review) José Javier Larrañeta Ibañez Stefan Schuster (Editor) The authors acknowledge and would like to thank the following experts for their contributions to this report: Prof. Nigel Smart, University of Bristol; Matteo E. Bonfanti PhD, Research Fellow in International Law and Security, Scuola Superiore Sant’Anna Pisa; Prof. Fred Piper, University of London; Caspar Bowden, independent privacy researcher; Maria Pilar Torres Bruna, Head of Cybersecurity, Everis Aerospace, Defense and Security; Prof. Kenny Paterson, University of London; Agustín Martin and Luis Hernández Encinas, Tenured Scientists, Department of Information Processing and Cryptography (Cryptology and Information Security Group), CSIC; Alessandro Zanasi, Zanasi & Partners; Fernando Acero, Expert on Open Source Software; Luigi Coppolino,Università degli Studi di Napoli; Marcello Antonucci, EZNESS srl; Rachel Oldroyd, Managing Editor of The Bureau of Investigative Journalism; Peter Kruse, Founder of CSIS Security Group A/S; Ryan Gallagher, investigative Reporter of The Intercept; Capitán Alberto Redondo, Guardia Civil; Prof. Bart Preneel, KU Leuven; Raoul Chiesa, Security Brokers SCpA, CyberDefcon Ltd.; Prof.
  • Tor: the Second-Generation Onion Router (2014 DRAFT V1)

    Tor: the Second-Generation Onion Router (2014 DRAFT V1)

    Tor: The Second-Generation Onion Router (2014 DRAFT v1) Roger Dingledine Nick Mathewson Steven Murdoch The Free Haven Project The Free Haven Project Computer Laboratory [email protected] [email protected] University of Cambridge [email protected] Paul Syverson Naval Research Lab [email protected] Abstract Perfect forward secrecy: In the original Onion Routing We present Tor, a circuit-based low-latency anonymous com- design, a single hostile node could record traffic and later munication service. This Onion Routing system addresses compromise successive nodes in the circuit and force them limitations in the earlier design by adding perfect forward se- to decrypt it. Rather than using a single multiply encrypted crecy, congestion control, directory servers, integrity check- data structure (an onion) to lay each circuit, Tor now uses an ing, configurable exit policies, anticensorship features, guard incremental or telescoping path-building design, where the nodes, application- and user-selectable stream isolation, and a initiator negotiates session keys with each successive hop in practical design for location-hidden services via rendezvous the circuit. Once these keys are deleted, subsequently com- points. Tor is deployed on the real-world Internet, requires promised nodes cannot decrypt old traffic. As a side benefit, no special privileges or kernel modifications, requires little onion replay detection is no longer necessary, and the process synchronization or coordination between nodes, and provides of building circuits is more reliable, since the initiator knows a reasonable tradeoff between anonymity, usability, and ef- when a hop fails and can then try extending to a new node.
  • September 2, 2015 Dear Kilton Library Community, As Guardians Of

    September 2, 2015 Dear Kilton Library Community, As Guardians Of

    September 2, 2015 Dear Kilton Library community, As guardians of knowledge and the freedom to read, librarians have long led the fight for free expression. In the Information Age —which has produced unprecedented access to information and mass surveillance— librarians are eager as ever to help their communities better understand and protect their privacy and intellectual freedom. Across the nation and around the globe, librarians are working with the Library Freedom Project (LFP) to make real the promise of intellectual freedom in the digital age. LFP, along with our partners the ACLU and the Tor Project, provides privacy trainings for library communities, teaching people their rights under the law, and how to find and use free and open source, privacy protective technologies. Thanks to generous funding from the Knight Foundation, LFP has over the past year run dozens of privacy workshops for libraries of all sizes across the United States. In a pilot project in the summer of 2015, the Kilton Library in Lebanon, New Hampshire, worked with LFP and the Tor Project to setup a Tor relay.1 Tor is a free, open network that helps people defend against mass surveillance by providing them anonymity online. While the Tor Project is responsible for maintaining the source code for Tor, the technology depends on thousands of volunteers who run "relays", or computer servers that support the Tor network. Libraries are ideal locations to host Tor relays because they are staunch supporters of intellectual freedom and privacy, and because they provide access to other essential internet services. The Kilton Library, with LFP's help, sought to become one among many such nodes in Tor's worldwide internet freedom system.
  • Tor: a Quick Overview

    Tor: a Quick Overview

    Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, Knight Foundation, ... 2 The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy 3 Estimated 600,000? daily Tor users 4 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 5 Anonymity isn't encryption: Encryption just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 6 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 7 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 8 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 Anonymity serves different interests for different user groups. Human rights “It's reachability!” “It's traffic-analysis activists resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 11 Regular citizens don't want to be watched and tracked.
  • Monitoring the Dark Web and Securing Onion Services

    Monitoring the Dark Web and Securing Onion Services

    City University of New York (CUNY) CUNY Academic Works Publications and Research Queensborough Community College 2017 Monitoring the Dark Web and Securing Onion Services John Schriner CUNY Queensborough Community College How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/qb_pubs/41 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: [email protected] Monitoring the Dark Web Schriner 1 John Schriner Monitoring the Dark Web Contrary to what one may expect to read with a title like Monitoring the Dark Web, this paper will focus less on how law enforcement works to monitor hidden web sites and services and focus more on how academics and researchers monitor this realm. The paper is divided into three parts: Part One discusses Tor research and how onion services work; Part Two discusses tools that researchers use to monitor the dark web; Part Three tackles the technological, ethical, and social interests at play in securing the dark web. Part One: Tor is Research-Driven Tor (an acronym for 'the onion router' now stylized simply 'Tor') is an anonymity network in which a user of the Tor Browser connects to a website via three hops: a guard node, a middle relay, and an exit node. The connection is encrypted with three layers, stripping a layer at each hop towards its destination server. No single node has the full picture of the connection along the circuit: the guard knows only your IP but not where the destination is; the middle node knows the guard and the exit node; the exit node knows only the middle node and the final destination.
  • A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)

    A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker)

    The following paper was originally published in the Proceedings of the Sixth USENIX UNIX Security Symposium San Jose, California, July 1996. A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker) Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer Computer Science Division University of California, Berkeley For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL: http://www.usenix.org A Secure Environment for Untruste d Help er Applications Con ningtheWilyHacker Ian Goldb erg David Wagner Randi Thomas Er ic A. Brewer fiang,daw,randit,[email protected] University of California, Berkeley cious programs to spawn pro ce ss e s andto read or Ab stract wr iteanunsusp ecting us er's le s [15,18,19,34,36]. Whatisnee ded in thi s new environment, then, i s Manypopular programs, suchasNetscap e, us e un- protection for all re source s on a us er's system f rom trusted help er applications to pro ce ss data f rom the thi s threat. network. Unfortunately,theunauthenticated net- workdatathey interpret could well have b een cre- Our aim i s tocon netheuntrusted software anddata ated byanadversary,andthehelp er applications are by monitor ingand re str ictingthe system calls it p er- 1 usually to o complex to b e bug-f ree. Thi s rai s e s s ig- forms. We builtJanus , a s ecure environment for ni cant s ecur ity concer ns. Therefore, it i s de s irable untrusted help er applications, bytaking advantage to create a s ecure environmenttocontain untrusted of the Solar i s pro ce ss tracing f acility.
  • NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights

    NSA) Surveillance Programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) Activities and Their Impact on EU Citizens' Fundamental Rights

    DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS The US National Security Agency (NSA) surveillance programmes (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights NOTE Abstract In light of the recent PRISM-related revelations, this briefing note analyzes the impact of US surveillance programmes on European citizens’ rights. The note explores the scope of surveillance that can be carried out under the US FISA Amendment Act 2008, and related practices of the US authorities which have very strong implications for EU data sovereignty and the protection of European citizens’ rights. PE xxx.xxx EN AUTHOR(S) Mr Caspar BOWDEN (Independent Privacy Researcher) Introduction by Prof. Didier BIGO (King’s College London / Director of the Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France). Copy-Editing: Dr. Amandine SCHERRER (Centre d’Etudes sur les Conflits, Liberté et Sécurité – CCLS, Paris, France) Bibliographical assistance : Wendy Grossman RESPONSIBLE ADMINISTRATOR Mr Alessandro DAVOLI Policy Department Citizens' Rights and Constitutional Affairs European Parliament B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSIONS Original: EN ABOUT THE EDITOR To contact the Policy Department or to subscribe to its monthly newsletter please write to: [email protected] Manuscript completed in MMMMM 200X. Brussels, © European Parliament, 200X. This document is available on the Internet at: http://www.europarl.europa.eu/studies DISCLAIMER The opinions expressed in this document are the sole responsibility of the author and do not necessarily represent the official position of the European Parliament.